A buffer overflow flaw was found in the zsh shell auto-complete functionality. A local, unprivileged user can create a specially crafted directory path which leads to code execution in the context of the user who tries to use auto-complete to traverse the before mentioned path. If the user affected is privileged, this leads to privilege escalation.

zsh is vulnerable to a stack-based buffer overflow in the gen_matches_files() function. A local attacker could exploit this through tab completion of directories with long names leading to arbitrary code execution.